Hacking, AppSec, and Bug Bounty newsletter
2018-02-09 | Phishing the Olympics, Georgia SB-315, and accidental DDoS
Friday, February 9
Programming note: We will not be publishing on Monday - back in your inbox on Tuesday.
Registered users can change app password permissions for any user [7 upvotes] - $100 bounty for this report to Nextcloud by @icewater.
Data-Tags and the New HTML Sanitizer Subverts CSRF protection [4 upvotes] - $2,000 bounty for this report to Ruby on Rails by @benmmurphy.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
North Korean hackers had to bring in $100,000 a year, however they could, to funnel back to the regime. They get to keep less than 10% of it - @josephfcox
OTHER ARTICLES WE’RE READING
iPhone’s boot-up source code posted to GitHub but Apple taps DMCA to get it removed
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Clearly, the Internet is now so saturated with digital noise that an arbitrary resource can be hit by botnet activity without being the target of the attack or representing any value whatsoever to the attackers.